Genode's TrustZone demo on the USB Armory

Application of Genode as microhypervisor for Linux on an open source computer - story, design, and use

The USB Armory is an open source computer in the form of a USB stick. It
normally runs Linux. But thanks to the ARM TrustZone capabilities of the
device, it is possible to run the Genode OS Framework as microhypervisor
behind the back of Linux. This is useful for shielding sensitive information
like cryptographic keys from Linux by exposing it to Genode only and thereby
drastically reducing the attack surface. Even in the event Linux gets
compromised, e.g., by a vulnerability in the USB stack, the secrets remain
protected.

In the talk, I'll first give a short introduction into the USB Armory project
and its motivation. After that, I'll tell the development story of Genode's
microhypervisor scenario. I'll also illustrate how the TrustZone technology is
used to isolate Genode from Linux without compromising the rich feature set of
Linux, and how both worlds can safely communicate with each other. Last but
not least, I'll demonstrate the scenario itself and how it can be reproduced.